Turning on SSL was a little more time-consuming than I thought it would be – largely because of my naivete. Here are some of the things I had to do to make it work.
- For Paperclip – for images from S3, I had to change the parameters in has_attached_file to include ':s3_permissions => :private'. This will give the S3 images an https in the URL
- For the Recaptcha gem, add :ssl => true as an option to recaptcha_tags, like so: <%= recaptcha_tags(:ssl => true) %>
- I had to change all external libraries I referenced for CSS or JS to https (in the url) or download a local copy and reference the local copy
- In each controller with a view that needed to be secured, I added force_ssl :only => :new, or force_ssl :only => [:new, :edit] for multiple actions
When you run into issues, maybe these tips will help:
- if you’re using Chrome, Chrome will mark all pages insecure if you hit one that claims https, but has some insecure elements (so you may see a page that is secure, but it says insecure). If you find this, pop open a new tab and paste the url in doubt
- seek and destroy all elements that show in your source that are http instead of https, except links
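
One way to do that last sweep over a page's rendered HTML, as an added example that is not code from the original post. The names insecure_resources, attr_value and SAMPLE_HTML are made up for illustration, and the sample markup and example.com hosts are constructed.

```ruby
# Lists sub-resources that still load over http://. Plain <a href> links are
# skipped: navigation links do not cause mixed-content warnings.
# Regex scanning is an approximation, not a full HTML parser.

# Tags whose URL attribute makes the browser fetch something for the page.
LOADING_ATTRS = {
  "script" => "src", "img" => "src", "iframe" => "src", "embed" => "src",
  "audio" => "src", "video" => "src", "source" => "src", "object" => "data",
  "link" => "href"
}.freeze

# <link> only loads a resource for these rel values (rel="canonical" does not).
LOADING_RELS = %w[stylesheet icon preload].freeze

# Returns the value of one attribute (quoted or unquoted), or nil.
def attr_value(tag_text, name)
  m = tag_text.match(/\s#{name}\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i)
  m && (m[1] || m[2] || m[3])
end

def insecure_resources(html)
  findings = []
  html.scan(/<([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/) do |tag, rest|
    tag = tag.downcase
    attr = LOADING_ATTRS[tag] or next
    if tag == "link"
      rels = (attr_value(rest, "rel") || "").downcase.split
      next if (rels & LOADING_RELS).empty?
    end
    url = attr_value(rest, attr)
    findings << [tag, url] if url && url =~ /\Ahttp:\/\//i
  end
  # url(http://...) inside inline styles and <style> blocks
  html.scan(/url\(\s*['"]?(http:\/\/[^'")\s]+)/i) { |(u)| findings << ["css", u] }
  findings
end

# Constructed sample page, not taken from a real site.
SAMPLE_HTML = <<~HTML
  <link rel="stylesheet" href="http://cdn.example.com/site.css">
  <link rel="canonical" href="http://www.example.com/signup">
  <script src="https://cdn.example.com/app.js"></script>
  <script src='http://cdn.example.com/legacy.js'></script>
  <img src="//cdn.example.com/logo.png">
  <a href="http://www.example.com/about">About</a>
  <div style="background: url(http://cdn.example.com/bg.png)"></div>
HTML

insecure_resources(SAMPLE_HTML).each { |tag, url| puts "#{tag}: #{url}" }
```

Feed it the HTML the browser actually receives (view source on the https page), not the ERB template, so that URLs produced by helpers and gems are included.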